[EMAIL PROTECTED] wrote: > Quoting r. Roland Dreier <[EMAIL PROTECTED]>: >> Subject: Re: CM patch for 2.6.17 merge >> >> Michael> The second is a security fix, its a must. >> >> Not sure I understand this. What's the exploit? > > Connecting from userspace to an SDP socket. People expect > sockets to be kernel-level.
To be fair, I do not think that users have a reasonable expectation that merely because they are using a socket that all traffic will be subject to kernel validation and inspection. But I do believe that most people assume that when they connect a socket that the kernel will block them if the connection is contrary to netfilter policies. _______________________________________________ openib-general mailing list [email protected] http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
